Rails：操作电缆：如何根据角色授权用户连接特定的通道？

Question

In my rails auction app, authorized users can connect to 2 channels simultaneously within the product page (one is all_users channel for the product, the other is user specific channel for direct messaging.)

Now I would like to send sensitive information only to admin group users. I tought I can define a third channel connection request (admin_channel) in the coffee script but I couldn't figured out how I can authorize user connection for the 3rd channel based on role.

Another alternative might be utilizing the existing user specific channel but here I couldn't figured out how backend classes may know which users in the admin group currently is online (has a user channel up&running)..

Do you have any idea how I can achieve it? Any kind of support will be appreciated..

Below you can find my existing connection.rb file and coffeescript files.

Here is my connection.rb file:

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user


    def connect
      self.current_user = find_verified_user
    end

    protected

    def find_verified_user # this checks whether a user is authenticated with devise
      if verified_user = env['warden'].user
        verified_user
      else
        reject_unauthorized_connection
      end
    end
  end
end

coffee script:

$( document ).ready ->
    App.myauction = App.cable.subscriptions.create({
      channel: 'MyauctionChannel'
      id: $('#auctionID').attr('data-id')
      },
      connected: ->
        console.log "Connected"
        # Called when the subscription is ready for use on the server

      disconnected: ->
        # Called when the subscription has been terminated by the server

      speak: (message) ->
        @perform 'speak', message: message

      received: (data) ->
        console.log(data)
        # Called when there's incoming data on the websocket for this channel
    )

    App.myauctionuser = App.cable.subscriptions.create({
      channel: 'MyauctionChannel',
      id: $('#auctionID').attr('data-uuid-code')
      },
      connected: ->
        console.log "user connected"
        # Called when the subscription is ready for use on the server

      disconnected: ->
        # Called when the subscription has been terminated by the server

      speak: (message) ->
        @perform 'speak', message: message

      received: (data) ->
        # console.log ("user channel ")
        # console.log(data)
    )

Answer 1

$(document).ready ->
    App.privateAdminMesssagesChannel = App.cable.subscriptions.create({
        channel: 'PrivateAdminMessagesChannel'
      },
      connected: ->
      disconnected: ->
      // call this function to send a message from a Non-Admin to All Admins
      sendMessageToAdmins: (message) ->
        @perform 'send_messsage_to_admins', message: message
      // call this function to send a messsage from an Admin to (a Non-admin + all Admins)
      sendMessageToUserAndAdmins: (message, toUserId) ->
        @perform 'send_messsage_to_user_and_admins', message: message, to_user_id: toUserId

      received: (data) ->
        console.log(data.from_user_id)
        console.log(data.to_user_id)
        console.log(data.message)

        if data.to_user_id
          // this means the message was sent from an Admin to (a Non-admin + all admins)
        else
          // this means the message was sent from a Non-admin to All Admins
          // do some logic here i.e. if current user is an admin, open up one Chatbox
          // on the page for each unique `from_user_id`, and put data.message
          // in that box accordingly
    )

private_admin_messages_channel.rb

class PrivateAdminMessagesChannel < ActionCable::Channel::Base
  def subscribed    
    stream_from :private_admin_messages_channel, coder: ActiveSupport::JSON do |data|
      from_user = User.find(data.fetch('from_user_id'))
      to_user = User.find(data['to_user_id']) if data['to_user_id']
      message = data.fetch('message')

      # authorize if "message" is sent to you (a non-admin), and also
      # authorize if "message" is sent to you (an admin)

      if (to_user && to_user == current_user) || (!to_user && current_user.is_admin?)
        # now, finally send the Hash data below and transmit it to the client to be received in the JS-side "received(data)" callback
        transmit(
          from_user_id: from_user.id,
          to_user_id: to_user&.id,
          message: message
        )
      end
    end
  end

  def send_message_to_admins(data)
    ActionCable.server.broadcast 'private_admin_messages_channel', 
      from_user_id: current_user.id,
      message: data.fetch('message')
  end

  def send_message_to_user_and_admins(data)
    from_user = current_user

    reject unless from_user.is_admin?

    ActionCable.server.broadcast 'private_admin_messages_channel', 
      from_user_id: from_user.id,
      to_user_id: data.fetch('to_user_id'),
      message: data.fetch('message')
  end
end

Above is the easiest way I could think of. Not the most efficient one because there's an extra level of authorization happening per stream (see inside stream_from block) unlike if we have different broadcast-names of which the authorization would happen only once on the "connecting" itself, and not each "streaming"... which can be done via something like:

1. Admin User1 opens page then JS-subscribes to UserConnectedChannel
2. Non-admin User2 opens page then JS-subscribes to PrivateAdminMessagesChannel passing in data: user_id: CURRENT_USER_ID
3. From 2. above, as User2 has just subscribed; then on the backend, inside def subscribed upon connection, you ActionCable.server.broadcast :user_connected, { user_id: current_user.id }
4. Admin User1 being subscribed to UserConnectedChannel then receives with data { user_id: THAT_USER2_id }
5. From 4 above, inside the JS received(data) callback, you then now JS-subscribe to PrivateAdminMessagesChannel passing in data: THAT_USER2_id`.
6. Now User1 and User2 are both subscribed to PrivateAdminMessagesChannel user_id: THAT_USER2_id which means that they can privately talk with each other (other admins should also have had received :user_connected 's JS data: { user_id: THAT_USER2_ID } , and so they should also be subscribed as well, because it makes sense that AdminUser1, NonAdminUser2, and AdminUser3 can talk in the same chat channel... from what I was getting with your requirements)
7. TODO: From 1 to 6 above, do something similar also with the "disconnection" process

Trivias:

• Those you define with identified_by in your ApplicationCable::Connection can be acceessed in your channel files. In particular, in this case, current_user can be called.
• Regarding, rejecting subscriptions, see docs here